IoT security principles are critical – and they already exist

As with all information systems, basic security principles are critical for IoT implementation. The Secure Technology Alliance IoT Security Council recently published a white paper called “Embedded Hardware Security for IoT Applications,” which provides basic security principles for securing IoT.

The security principles for IoT devices are essential to guarantee protected procedures for authorization, confidentiality, integrity and availability.

The CIA security model contains three principles that are essential in information security: confidentiality, integrity and availability. The CIA security principles form these core objectives of information security efforts:

  • Confidentiality - the protection of information, such as computer files or database elements, so that only authorized persons may access it in a controlled way
  • Integrity - not being able to modify information unless proper authorization is used
  • Availability - the presence of information when it is needed by authorized personnel and accessed using proper security measures

The white paper explains how to apply these security principles in real-world scenarios.

Featured
Making Connected Health Safe and Secure Under Smartphone Control
Making Connected Health Safe and Secure Under Smartphone Control

Solution providers must go beyond mobile devices’ inadequate built-in security mechanisms while also ensuring the necessary “always-on” connectivity for reliably exchanging safety-critical data and commands between smartphone apps, the IoT devices and the cloud.

IoT Deployments of Any Size Can Now Be Protected with Pre-provisioned Hardware-based Secure Elements
IoT Deployments of Any Size Can Now Be Protected with Pre-provisioned Hardware-based Secure Elements

The IoT has massively broadened the potential threat landscape for the entire market. To mitigate this vulnerability, industry best practices dictate that the authentication model of the connected device be strengthened using a secure element that has been configured for storing private keys and handling crypto-algorithmic secrets. Unfortunately, due mostly to supply chain logistic constraints, this approach has been challenging to onboard for most small-to-medium sized deployments.

The Secure Technology Alliance, formerly the Smart Card Alliance, developed this website to provide information and resources on the Internet of Things.

 

We want to hear from you

What do you want to know about the IoT security? Let us know what you think using the online form, and follow our activities on Twitter and Facebook!